You need the server that's performing the validation to be able to receive connections from the Internet on port 80, from the outside world's point of view. How that's implemented in terms of routers and port forwarding is up to you. If your ISP is blocking connections on port 80, you presumably won't be able to do this on that ISP at all.
Well, a month or so ago, it was still possible (and the default behavior with Certbot's --nginx option) to do validations on port 443, but that's changed during that time.
So maybe you're now seeing the consequences of that change if your ISP does allow inbound connections on port 443.